2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 19:08:59 +00:00

Validate that offsets in object streams are strictly increasing

This commit is contained in:
m-holger 2024-09-28 00:28:17 +01:00
parent 1b6a504d42
commit 192525226f

View File

@ -2064,6 +2064,7 @@ QPDF::resolveObjectsInStream(int obj_stream_number)
(m->file->getName() + " object stream " + std::to_string(obj_stream_number)), (m->file->getName() + " object stream " + std::to_string(obj_stream_number)),
bp.get())); bp.get()));
qpdf_offset_t last_offset = -1;
for (int i = 0; i < n; ++i) { for (int i = 0; i < n; ++i) {
QPDFTokenizer::Token tnum = readToken(*input); QPDFTokenizer::Token tnum = readToken(*input);
QPDFTokenizer::Token toffset = readToken(*input); QPDFTokenizer::Token toffset = readToken(*input);
@ -2089,6 +2090,15 @@ QPDF::resolveObjectsInStream(int obj_stream_number)
"object stream claims to contain itself")); "object stream claims to contain itself"));
continue; continue;
} }
if (offset <= last_offset) {
throw damagedPDF(
*input,
m->last_object_description,
input->getLastOffset(),
"expected offsets in object stream to be increasing");
}
last_offset = offset;
offsets[num] = toI(offset + first); offsets[num] = toI(offset + first);
} }